Re: security_definer_search_path GUC
Marko Tiikkaja <marko@joh.to>
From: Marko Tiikkaja <marko@joh.to>
To: Joel Jacobson <joel@compiler.org>
Cc: Pavel Stehule <pavel.stehule@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2021-06-02T16:36:39Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Create a new GUC variable search_path to control the namespace search
- 838fe25a9532 7.3.1 cited
On Wed, Jun 2, 2021 at 3:46 PM Joel Jacobson <joel@compiler.org> wrote: > If a database object is to be accessed unqualified by all users, isn't the > 'public' schema a perfect fit for it? How will it be helpful to create > different database objects in different schemas, if also adding all such > schemas to the search_path so they can be accessed unqualified? In such a > scenario you risk unintentionally creating conflicting objects, and > whatever schema happened to be first in the search_path will be resolved. > Seems insecure and messy to me. > Heh. This is actually exactly what I wanted to do. The use case is: version upgrades. I want to be able to have a search_path of something like 'pg_catalog, compat, public'. That way we can provide compatibility versions of newer functions in the "compat" schema, which get taken over by pg_catalog when running on a newer version. That way all the compatibility crap is clearly separated from the stuff that should be in "public". .m